a03fe36fa6
This change uses a common DHCPAgentContext and takes care to check for a pre-existing setting in the dhcp_agent.ini. Only allowing a config change if there is no pre-existing setting.

Please review and merge charm-helpers PR:
https://github.com/juju/charm-helpers/pull/422

Partial-Bug: #1831935
func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/157
Change-Id: Ia01c637b0837a4e594d16f6565c605460ad3f922
352 lines
13 KiB
YAML
options:
  debug:
    type: boolean
    default: False
    description: Enable debug logging.
  verbose:
    type: boolean
    default: False
    description: Enable verbose logging.
  use-syslog:
    type: boolean
    default: False
    description: |
      Setting this to True will allow supporting services to log to syslog.
  openstack-origin:
    type: string
    default: distro
    description: |
      Repository from which to install. May be one of the following:
      distro (default), ppa:somecustom/ppa, a deb url sources entry,
      or a supported Ubuntu Cloud Archive, e.g.
      .
      cloud:<series>-<openstack-release>
      cloud:<series>-<openstack-release>/updates
      cloud:<series>-<openstack-release>/staging
      cloud:<series>-<openstack-release>/proposed
      .
      See https://wiki.ubuntu.com/OpenStack/CloudArchive for info on which
      cloud archives are available and supported.
      .
      NOTE: updating this setting to a source that is known to provide
      a later version of OpenStack will trigger a software upgrade unless
      action-managed-upgrade is set to True.
  action-managed-upgrade:
    type: boolean
    default: False
    description: |
      If True enables openstack upgrades for this charm via juju actions.
      You will still need to set openstack-origin to the new repository but
      instead of an upgrade running automatically across all units, it will
      wait for you to execute the openstack-upgrade action for this charm on
      each unit. If False it will revert to existing behavior of upgrading
      all units on config change.
  harden:
    type: string
    default:
    description: |
      Apply system hardening. Supports a space-delimited list of modules
      to run. Supported modules currently include os, ssh, apache and mysql.
  rabbit-user:
    type: string
    description: RabbitMQ user
    default: neutron
  rabbit-vhost:
    type: string
    description: RabbitMQ Virtual Host
    default: openstack
  nova-rabbit-user:
    type: string
    description: RabbitMQ Nova user
    default: nova
  nova-rabbit-vhost:
    type: string
    description: RabbitMQ Nova Virtual Host
    default: openstack
  plugin:
    type: string
    default: ovs
    description: |
      Network configuration plugin to use for quantum.
      Supported values include:
      .
      ovs - ML2 + Open vSwitch
      nsx - VMware NSX
      n1kv - Cisco N1kv
      ovs-odl - ML2 + Open vSwitch with OpenDayLight Controller
  ext-port:
    type: string
    default:
    description: |
      [DEPRECATED] Use bridge-mappings and data-port to create a network
      which can be used for external connectivity. You can call the network
      external and the bridge br-ex by convention, but neither is required.
      .
      Space-delimited list of external ports to use for routing of instance
      traffic to the external public network. Valid values are either MAC
      addresses (in which case only MAC addresses for interfaces without an IP
      address already assigned will be used), or interfaces (eth0)
  data-port:
    type: string
    default:
    description: |
      Space-delimited list of bridge:port mappings. Ports will be added to
      their corresponding bridge. The bridges will allow usage of flat or
      VLAN network types with Neutron and should match this defined in
      bridge-mappings.
      .
      Ports provided can be the name or MAC address of the interface to be
      added to the bridge. If MAC addresses are used, you may provide multiple
      bridge:mac for the same bridge so as to be able to configure multiple
      units. In this case the charm will run through the provided MAC addresses
      for each bridge until it finds one it can resolve to an interface name.
  run-internal-router:
    type: string
    default: all
    description: |
      Optional configuration to support how the L3 agent option
      handle_internal_only_routers is configured.
      all => Set to be true everywhere
      none => Set to be false everywhere
      leader => Set to be true on one node (the leader) and false everywhere
      else.
      Use leader and none when configuring multiple floating pools
  external-network-id:
    type: string
    default:
    description: |
      Optional configuration to set the external-network-id. Only needed when
      configuring multiple external networks and should be used in conjunction
      with run-internal-router.
  instance-mtu:
    type: int
    default:
    description: |
      Configure DHCP services to provide MTU configuration to instances
      within the cloud. This is useful in deployments where it's not
      possible to increase MTU on switches and physical servers to
      accommodate the packet overhead of using GRE tunnels.
  dnsmasq-flags:
    type: string
    default:
    description: |
      Comma-separated list of key=value config flags with the additional
      dhcp options for neutron dnsmasq.
  dns-servers:
    type: string
    default:
    description: |
      A comma-separated list of DNS servers which will be used by dnsmasq as
      forwarders.
  enable-l3-agent:
    type: boolean
    default: True
    description: |
      Optional configuration to support use of linux router
      Note that this is used only for Cisco n1kv plugin.
  worker-multiplier:
    type: float
    default:
    description: |
      The CPU core multiplier to use when configuring worker processes for
      this service. By default, the number of workers for each daemon is
      set to twice the number of CPU cores a service unit has. When deployed
      in a LXD container, this default value will be capped to 4 workers
      unless this configuration option is set.
  bridge-mappings:
    type: string
    default: 'physnet1:br-data'
    description: |
      Space-separated list of ML2 data bridge mappings with format
      <provider>:<bridge>.
  flat-network-providers:
    type: string
    default:
    description: |
      Space-delimited list of Neutron flat network providers.
  vlan-ranges:
    type: string
    default: "physnet1:1000:2000"
    description: |
      Space-delimited list of <physical_network>:<vlan_min>:<vlan_max> or
      <physical_network> specifying physical_network names usable for VLAN
      provider and tenant networks, as well as ranges of VLAN tags on each
      available for allocation to tenant networks.
  aa-profile-mode:
    type: string
    default: 'disable'
    description: |
      Experimental enable apparmor profile. Valid settings: 'complain',
      'enforce' or 'disable'. AA disabled by default.
  enable-metadata-network:
    type: boolean
    default: False
    description: |
      The metadata network is used by solutions which do not leverage the l3
      agent for providing access to the metadata service.
  enable-isolated-metadata:
    type: boolean
    default: False
    description: |
      Enable metadata on an isolated network (no router ports).
  sysctl:
    type: string
    default: |
      { net.ipv4.neigh.default.gc_thresh1 : 128,
        net.ipv4.neigh.default.gc_thresh2 : 28672,
        net.ipv4.neigh.default.gc_thresh3 : 32768,
        net.ipv6.neigh.default.gc_thresh1 : 128,
        net.ipv6.neigh.default.gc_thresh2 : 28672,
        net.ipv6.neigh.default.gc_thresh3 : 32768,
        net.nf_conntrack_max : 1000000,
        net.netfilter.nf_conntrack_buckets : 204800,
        net.netfilter.nf_conntrack_max : 1000000 }
    description: |
      YAML-formatted associative array of sysctl key/value pairs to be set
      persistently e.g. '{ kernel.pid_max : 4194303 }'.
  # Network config (by default all access is over 'private-address')
  os-data-network:
    type: string
    default:
    description: |
      The IP address and netmask of the OpenStack Data network (e.g.
      192.168.0.0/24)
      .
      This network will be used for tenant network traffic in overlay
      networks.
  # Legacy (Icehouse) HA
  ha-legacy-mode:
    type: boolean
    default: False
    description: |
      If True will enable Pacemaker to monitor the neutron-ha-monitor daemon
      on every neutron-gateway unit, which detects neutron agents status and
      reschedule resources hosting on failed agents, detects local errors and
      release resources when network is unreachable or do necessary recover
      tasks. This feature targets to < Juno which doesn't natively support HA
      in Neutron itself.
  ha-bindiface:
    type: string
    default: eth0
    description: |
      Default network interface on which HA cluster will bind to communicate
      with the other members of the HA Cluster.
  ha-mcastport:
    type: int
    default: 5409
    description: |
      Default multicast port number that will be used to communicate between
      HA Cluster nodes.
  # Monitoring config
  nagios_context:
    type: string
    default: "juju"
    description: |
      Used by the nrpe-external-master subordinate charm.
      A string that will be prepended to instance name to set the host name
      in Nagios. So for instance the hostname would be something like:
        juju-myservice-0
      If you're running multiple environments with the same services in them
      this allows you to differentiate between them.
  nagios_servicegroups:
    type: string
    default: ""
    description: |
      A comma-separated list of Nagios service groups.
      If left empty, the nagios_context will be used as the servicegroup
  ipfix-target:
    type: string
    default:
    description: |
      IPFIX target with the format "IP_Address:Port". This will enable IPFIX
      exporting on all OVS bridges to the target, including br-int and br-ext.
  vendor-data:
    type: string
    default:
    description: |
      A JSON-formatted string that will serve as vendor metadata
      (via "StaticJSON" provider) to all VM's within an OpenStack deployment,
      regardless of project or domain. For deployments of Rocky or later
      this value is ignored. Please set the corresponding value in the
      nova-cloud-controller charm.
  vendor-data-url:
    type: string
    default:
    description: |
      A URL serving JSON-formatted data that will serve as vendor metadata
      (via "DynamicJSON" provider) to all VM's within an OpenStack deployment,
      regardless of project or domain.
      .
      Only supported in OpenStack Newton and higher. For deployments of Rocky or
      later this value is ignored. Please set the corresponding value in the
      nova-cloud-controller charm.
  default-availability-zone:
    type: string
    default: 'nova'
    description: |
      Default availability zone to use for agents (l3, dhcp) on this machine.
      If this option is not set, the default availability zone 'nova' is used.
      If customize-failure-domain is set to True, it will override this option
      only if an AZ is set by the Juju provider. If JUJU_AVAILABILITY_ZONE is
      not set, the value specified by this option will be used regardless of
      customize-failure-domain's setting.

      .
      NOTE: Router and Network objects have a property called
      availability_zone_hints which can be used to restrict dnsmasq
      and router namespace placement by DHCP and L3 agents to specific
      neutron availability zones. Neutron AZs are not tied to Nova AZs but
      their names can match.
      .
  customize-failure-domain:
    type: boolean
    default: False
    description: |
      Juju propagates availability zone information to charms from the
      underlying machine provider such as MAAS and this option allows the
      charm to use JUJU_AVAILABILITY_ZONE to set default_availability_zone
      for Neutron agents (DHCP and L3 agents). This option overrides the
      default-availability-zone charm config setting only when the Juju
      provider sets JUJU_AVAILABILITY_ZONE.
  firewall-group-log-output-base:
    type: string
    default:
    description: |
      This option allows setting a path for Firewall Group logs.
      A valid file system path must be provided. If this option is not
      provided Neutron will use syslog as a destination.
      (Available from Stein)
  firewall-group-log-rate-limit:
    type: int
    default:
    description: |
      Log entries are queued for writing to a log file when a packet rate
      exceeds the limit set by this option.
      Possible values: null (no rate limitation), integer values greater than 100.
      WARNING: Should be NOT LESS than 100, if set (if null logging will not be
      rate limited).
      (Available from Stein)
  firewall-group-log-burst-limit:
    type: int
    default: 25
    description: |
      This option sets the maximum queue size for log entries.
      Can be used to avoid excessive memory consumption.
      WARNING: Should be NOT LESS than 25.
      (Available from Stein)
  ovsdb-timeout:
    type: int
    default:
    description: |
      Timeout in seconds for ovsdb commands.
      (Available from Queens)
  ovs-use-veth:
    type: string
    default:
    description: |
      "True" or "False" string value. It is safe to leave this option unset.
      This option allows the DHCP agent to use a veth interface for OVS in
      order to support kernels with limited namespace support. i.e. Trusty.
      Changing the value after neutron DHCP agents are created will break
      access. The charm will go into a blocked state if this is attempted.
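
The guard that the commit message and the ovs-use-veth description refer to, sketched as an added example (not the charm's or charm-helpers' code). The function names, the sample dhcp_agent.ini text and the wording of the blocked reason are assumptions; it assumes the setting is rendered as ovs_use_veth under [DEFAULT].

```python
import configparser

# Constructed sample files, not taken from a real deployment.
FRESH_INI = "[DEFAULT]\ninterface_driver = openvswitch\n"
DEPLOYED_INI = FRESH_INI + "# rendered by an earlier deployment\novs_use_veth = True\n"


def parse_flag(value):
    """Map a "True"/"False" string to bool; None or "" means unset."""
    if value is None or str(value).strip() == "":
        return None
    text = str(value).strip().lower()
    if text not in ("true", "false"):
        raise ValueError("expected 'True' or 'False', got %r" % (value,))
    return text == "true"


def existing_setting(ini_text):
    """Return ovs_use_veth as already written in dhcp_agent.ini, or None."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(ini_text)
    return parse_flag(parser.defaults().get("ovs_use_veth"))


def resolve_ovs_use_veth(ini_text, charm_value):
    """Return (value_to_render, blocked_reason).

    The value on disk wins; the charm option is honoured only when the
    file has no setting yet, and a conflicting option yields a reason
    the charm could report as its blocked status (hypothetical wording).
    """
    current = existing_setting(ini_text)
    requested = parse_flag(charm_value)
    if current is None:
        return requested, None
    if requested is None or requested == current:
        return current, None
    reason = ("ovs-use-veth=%s conflicts with ovs_use_veth=%s already in "
              "dhcp_agent.ini" % (requested, current))
    return current, reason


if __name__ == "__main__":
    print(resolve_ovs_use_veth(FRESH_INI, "True"))
    print(resolve_ovs_use_veth(DEPLOYED_INI, "False"))
```

Keeping the on-disk value when the two disagree is what stops a later config change from breaking access for DHCP agents that already exist.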